Explanation: Covert channels are
indirect ways of transmitting information with no explicit reading
of confidential information. In other words, the communication is out
in plain view, but "invisible" to those who don't know how to look for
it. This kind of difficulty has induced some researchers to rethink
from scratch the whole problem of guaranteeing security in computer
systems. Some obscure techniques that can be used to create covert
channels include hiding messages in the first letters of each word
in a longer communication, blinking eyes in "Morse code" during a conversation,
etc. Even something as mundane as some of the "signals" used by a baseball
team, if non-obvious enough, could be considered a covert channel.

Covert channels are not a way to
strengthen the security policy of an organization, hardening the system
or protecting the DMZ -- they are a security risk, not a security-enhancing
technique.

Section 1.4.2: Backdoors

2. Enforcing minimum privileges for
general system users can be easily achieved through the use of:

A. RBAC

B. PRVMIN

C. TSTEC

D. IPSEC

Explanation: Ensuring least
privilege requires identifying what the user's job is, determining the
minimum set of privileges required to perform that job, and restricting
the user to a domain with those privileges and nothing more. When subjects
are denied transactions that are not necessary for the performance
of their duties, those denied privileges cannot be used to circumvent
the organizational security policy. Although the concept of least privilege
currently exists within the context of the TCSEC, its requirements restrict
the privileges of the system administrator. Through the use of RBAC
(role-based access control), enforced minimum privileges for general
system users can be easily achieved.

Section 1.1: Access Control

Section 5.5: Privilege Management

3. Which of the following services
should be logged for security purposes?

A. bootp

B. tftp

C. sunrpc

D. No Answer is Correct

Explanation: Requests for
the following services should be logged on all systems: systat, bootp,
tftp, sunrpc, snmp, snmp-trap, nfs. This list is rather UNIX-centric,
nevertheless, it's possible for many of those services to be running
on Windows as well (if you're running them, log them!).

Section 1.7: Auditing

Section 5.9.4: Logs and Inventories

4. All logs are kept on archive for
a period of time. What determines this period of time?

A. Retention policies

B. Administrator preferences

C. MTTF

D. MTTR

Explanation: All logs collected
are used in the active and passive monitoring process. All logs are
kept on archive for a period of time, called a retention period. This
period of time will be determined by your company policies. This allows
the use of logs for regular audits, and annual audits if retention is
longer than a year. Logs must be secured to prevent modification, deletion,
and destruction.

Administrator preference is often
used to determine certain things like how long logs are retained ...
but since these decisions can affect the ability of the company to go
back and research potential security issues, it is a corporate issue
that should be governed by a deliberate policy statement.

MTTF and MTTR are not relevant to
setting the time for which logs will be retained. MTTF (Mean Time To
Failure, sometimes called MTBF, Mean Time Before Failure) is related
to the average amount of time a piece of equipment will be in service
before it fails. MTTR (Mean Time To Repair) is a measure of how long
it will take to repair the equipment when it fails.

Section 1.7: Auditing

Section 5.9.4: Logs and Inventories

5. With RBAC, roles are:

A. All equal

B. Based on labels

C. Based on flows

D. Hierarchical

Explanation: With RBAC (role-based
access control), security is managed at a level that corresponds closely
to the organization's structure. Each user is assigned one or more roles,
and each role is assigned one or more privileges that are permitted
to users in that role. Roles can be hierarchical.

Roles are not all equal. The point
of RBAC is that different roles can be assigned different security privileges.
Labels (such as secret, top secret, etc.) are more usually associated
with MAC (Mandatory Access Control). RBAC roles are not typically determined
by information flows.
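
The role model described above, as an added example that is not part of the original guide: users map to roles, roles map to privileges, senior roles inherit from junior ones, and anything no role grants is denied. All user, role and privilege names are constructed for illustration.

```python
# Added illustration of hierarchical RBAC; every name below is constructed.

# Each role lists its own privileges and the junior roles it inherits from.
ROLES = {
    "employee": {"privs": {"read_wiki"}, "inherits": []},
    "helpdesk": {"privs": {"reset_password"}, "inherits": ["employee"]},
    "auditor": {"privs": {"read_logs"}, "inherits": ["employee"]},
    "sysadmin": {"privs": {"edit_config", "restart_service"},
                 "inherits": ["helpdesk"]},
}

# Users receive privileges only through the roles assigned to them.
USER_ROLES = {
    "alice": ["sysadmin"],
    "bob": ["helpdesk", "auditor"],
    "carol": ["employee"],
}

def role_privileges(role, roles=ROLES, _seen=None):
    """Privileges of a role plus everything inherited from junior roles."""
    seen = set() if _seen is None else _seen
    if role in seen:  # shared ancestor or a cycle in the hierarchy
        return set()
    if role not in roles:  # fail closed on a misconfigured hierarchy
        raise KeyError(f"unknown role: {role}")
    seen.add(role)
    privs = set(roles[role]["privs"])
    for junior in roles[role]["inherits"]:
        privs |= role_privileges(junior, roles, seen)
    return privs

def user_privileges(user, user_roles=USER_ROLES, roles=ROLES):
    """Union of the privileges of every role assigned to the user."""
    privs = set()
    for role in user_roles.get(user, []):  # unknown user: no roles
        privs |= role_privileges(role, roles)
    return privs

def is_allowed(user, privilege):
    """Default deny: allowed only if some assigned role grants it."""
    return privilege in user_privileges(user)

def excess_privileges(user, needed):
    """Least-privilege review: privileges granted but not needed for the job."""
    return user_privileges(user) - set(needed)
```

`excess_privileges` is the least-privilege check from question 2 expressed against this model: anything it returns is a privilege the user holds beyond what the job requires.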
